Frequently asked questions

What does my score mean?

We try to provide a fair score for every site we analyse. Your score reflects how many security-based HTTP response headers your site issues.

What grades can my site get?

Your site can score from an A+ grade down to an F grade. The R grade means the site responded with a redirect, and you should follow the redirects using the link provided. There is more information on the scores here.

How do I get an A+ grade?

To get an A+ grade, your site needs to issue all of the HTTP response headers that we check for. This indicates a high level of commitment to improving security for your visitors.

What headers do you check for?

Over an HTTP connection we check for Content-Security-Policy, X-Content-Type-Options, X-Frame-Options and X-XSS-Protection. Over an HTTPS connection we check for 2 additional headers: Strict-Transport-Security and Public-Key-Pins.

What do the blue headers mean?

The blue headers are additional information that a site owner could look at. They include the value of the Server header and other platform-specific headers such as X-Powered-By, which divulge information about the software running on the server.
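The checks described under "What headers do you check for?" and "What do the blue headers mean?" can be reproduced locally against a captured response. The following is an added example, not the scanner's own code: the function names and sample responses are constructed, treating any 3xx status as a redirect is an assumption, and only the A+ and R outcomes are derived because this page does not give the scale between A+ and F.

```python
# Added example: audit a raw response head for the headers this FAQ lists.
HTTP_HEADERS = ("Content-Security-Policy", "X-Content-Type-Options",
                "X-Frame-Options", "X-XSS-Protection")
HTTPS_ONLY_HEADERS = ("Strict-Transport-Security", "Public-Key-Pins")
INFO_HEADERS = ("Server", "X-Powered-By")  # the "blue" informational headers

# Constructed sample responses (not captured from any real site).
SAMPLE_OK = """HTTP/1.1 200 OK
Server: nginx
content-security-policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
"""
SAMPLE_REDIRECT = """HTTP/1.1 301 Moved Permanently
Location: https://example.test/
"""

def parse_head(raw):
    """Return (status_code, {lowercased name: [values]}) from a response head."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line.strip():          # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:                       # header names are case-insensitive
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def audit(raw, scheme):
    """Report missing checked headers and informational headers present."""
    status, headers = parse_head(raw)
    expected = HTTP_HEADERS + (HTTPS_ONLY_HEADERS if scheme == "https" else ())
    missing = [h for h in expected if h.lower() not in headers]
    info = {h: headers[h.lower()] for h in INFO_HEADERS if h.lower() in headers}
    if 300 <= status < 400:           # assumption: any 3xx counts as a redirect
        grade = "R"
    elif not missing:
        grade = "A+"                  # every checked header is issued
    else:
        grade = None                  # scale below A+ is not given on this page
    return {"grade": grade, "missing": missing, "info": info}

if __name__ == "__main__":
    print(audit(SAMPLE_OK, "https"))
    print(audit(SAMPLE_REDIRECT, "http"))
```

The same response is complete for an HTTP scan but falls short over HTTPS, because the HTTPS scan expects the two additional headers.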